CVE-2026-41940

WebPros cPanel and WHM Authentication Bypass via Login Flow

CVSS 9.3 CRITICAL | EPSS 98.1% | KEV | CWE-306
In short

cPanel and WHM have a flaw that lets attackers log in without valid credentials, giving them full control over hosting accounts and servers.

Technical detail

An authentication bypass in the cPanel/WHM login flow (CWE-306) allows unauthenticated remote attackers to bypass credential validation and gain unauthorized access. The vulnerability affects versions after 11.40 and requires no special preconditions, resulting in complete compromise of the control panel.

Summary generated and translated by AI from the official description.
cPanel and WHM versions after 11.40 contain an authentication bypass vulnerability in the login flow that allows unauthenticated remote attackers to gain unauthorized access to the control panel.
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Public PoCs found: 28

github: github.com/assetnote/cpanel2shell-scanner (89)
github: github.com/clsmight/CVE-2026-41940-PoC (62)
github: github.com/rfxn/cpanel-sessionscribe (13)
github: github.com/bughunt4me/cpanelCVE-2026-41940 (12)
github: github.com/Christian93111/CVE-2026-41940 (8)
github: github.com/tc4dy/CVE-2026-41940-PoC-Exploit (4)
github: github.com/Jenderal92/CVE-2026-41940 (4)
github: github.com/mahfuzreham/cpanel-cve-2026-41940 (3)
github: github.com/44pie/cpsniper (2)
github: github.com/Unfold-Security/CVE-2026-41940-Detection (1)
github: github.com/sardine-web/Automated-scanner-CVE-2026-41940 (1)
github: github.com/willygailo/CVE-2026-41940-Linux (1)
github: github.com/MrOplus/CVE-2026-41940 (1)
github: github.com/thekawix/CVE-2026-41940 (1)
github: github.com/murrez/CVE-2026-41940 (1)
github: github.com/acuciureanu/cpanel2shell-honeypot (0)
github: github.com/ZildanZ/CVE-2026-41940 (0)
github: github.com/Defacto-ridgepole254/CVE-2026-41940-Exploit-PoC (0)
github: github.com/branixsolutions/Security-CVE-2026-41940-cPanel-WHM-WP2 (0)
github: github.com/SreejaPuthan/cpanel-control-plane-exposure-check (0)
github: github.com/ngksiva/cpanel-forensics (0)
github: github.com/anach-ai/CVE-2026-41940 (0)
github: github.com/limo57640-crypto/cpanel-cve-41940-detector (0)
github: github.com/xxconi/CVE-2026-41940 (0)
github: github.com/yurahshell/CVE-2026-41940 (0)
github: github.com/asdasddqwdq29-a11y/CVE-2026-41940 (0)
cve_reference: github.com/watchtowrlabs/watchTowr-vs-cPanel-WHM-AuthBypass-to-RCE.py (unverified)
exploitdb: www.exploit-db.com/exploits/52574 (unverified)
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.